Open noumanqaiser opened 1 month ago
philipWendland
commented
1 month ago Hi, AFAIR you can set the log level with "OPENSC_DEBUG=9 pkcs15-init" (or multiple uses of verbose). Can you please post a log? It might contain sensitive data, your PIN, PUK, etc, so use dummy values.
noumanqaiser
commented
1 month ago HI Philip, Thanks for a prompt response,
I am attaching the log files when I try to initialize and when I try to create key with debug level 9, (There is no confidentiality issue as I am trying to learn use of smart cards in cryptography on a test setup).
Looking forward to your inputs. pkcs Initialization.txt
noumanqaiser
commented
1 month ago Hi Philip, Have done some more research, it seems the particular variant of NXP chip used in my card (J3R200) does not seem to have on-card RSA key generation capability, I validated it by running a test with JCAlgTest.
https://www.fi.muni.cz/~xsvenda/jcalgtest/table.html
It seems from the table in the above link, J3R180 does seem to have key generation capability, while looking at the AlgTest Report I generated using JCAlgTest applet, J3R200 doesnt have this capability. I am attaching the report here aswell incase if someone else faces similar issue(I have also sent it to JCAlgTest so they can update their table with this card).
NXP_JCOP_J3R200_ALGSUPPORT__3b_e0_00_00_81_31_fe_45_eb.csv
So from the look of it, It seems I will have to buy a new card and continue my triails.
In parallel, I would really appreciate if you can guide me about if I what I am trying to achieve with IsoApplet/OpenSC is even possible(assuming no card specific restriction), I wanted to achieve the following:
Are the above 5 steps likely to be achievable?
philipWendland
commented
2 weeks ago It seems really weird that the card does not support on-card generation, but your CSV certainly indicates that.
As for 4., the private and public key are available in the smart card even without importing the certificate again. pkcs11-tool has an option "-w, --write-object
As for 5., I am not sure about whether this works in Windows or .NET at all, to be honest. But maybe it will, through an PKCS#11/OpenSC interface.
Dear Philip, IsoApplet Team,
First of all Thankyou for this excellent piece of work, it seems people will continue to benefit from this applet for a while.
I have a J3R200 Javacard which I understand is a Javacard 3.0.5. I have a contact reader, and OpenSC, GlobalPlatformPro setup on my computer to interact with the card. (J3R200 specs are defined here: https://www.mwcardtech.com/product/J3R200_J3R180_JCOP4_P71_Java_Card.html ). I have coding for a while but I am relatively quite new to the world of smartcards and seem to have hit a roadblock when it comes to generating private key.
My end objective is to be able to create a private key on the card, Create CSR, sign the CSR externally using openSSL to generate the x509 certificate, and then import it back into the card. Later I would use the card to sign/decrypt data.
I followed all the steps in your Wiki(Many thanks for well written documentation).
I installed the isoApplet.cap file 0.6.1, also Initialized the PCKS15 structure, Post this when I try to create a key, I have hit a roadblock and cannot see to create a key.
When I run List algorithms, here is what I get:
Here is when I run a dump:
Here is the error I get whenever I try to generate a key inside the card:
Another attempt:
When I list mechsnisms supported by my card here is the list:
Here are things I have tried(and didnt work)
My Question is, what is causing the pkcs15init key generation to fail, is there anything you would recommend to sort this?
Regards, Nouman